国产PLC系统与OPC UA通信过程的身份认证机制优化
|
摘要
国产化可编程逻辑控制器(Programmable Logic Controller,PLC)系统的通信安全问题是保障工业数据安全采集与传输的关键,而OPC统一架构(OPC UA)在国产PLC系统中的应用十分广泛,其中的身份认证环节对于保证信息只被合法授权用户获取和访问起着重要作用,建立强有力的身份认证机制成为系统安全的核心问题。设计了一种基于双向身份认证的认证方式,对基本安全模型进行了优化,在国产化PLC系统中应用,加强了用户信息保密、防止重放攻击、防止冒充等安全性能,同时还可以提供详细的审计记录以备使用,提高了整个国产化PLC系统的安全性。
Communication security of domestic PLC system is the key to ensure the legal and accurate collection and transmission of industrial data. OPC UA is widely used in domestic PLC system. The authentication link plays an important role in ensuring that information is only accessed by legitimate authorized users. So establishing a strong identity authentication mechanism has become the core issue of system security.The paper designs an authentication method based on two 8 way identity authentication,optimizes the basic security model,and applies it in the localized PLC system,which strengthens the security of user information,prevents replay attacks,and prevents impersonation. At the same time,it can also provide detailed audit records for user,which improves the safety of the whole localized PLC system.
Communication security of domestic PLC system is the key to ensure the legal and accurate collection and transmission of industrial data. OPC UA is widely used in domestic PLC system. The authentication link plays an important role in ensuring that information is only accessed by legitimate authorized users. So establishing a strong identity authentication mechanism has become the core issue of system security.The paper designs an authentication method based on two 8 way identity authentication,optimizes the basic security model,and applies it in the localized PLC system,which strengthens the security of user information,prevents replay attacks,and prevents impersonation. At the same time,it can also provide detailed audit records for user,which improves the safety of the whole localized PLC system.
引文
[1]IEC62541-1:OPC unified architecture specification-Part1:overview and concepts[Z].2008.
[2]加舒娟.基于全国产化PLC的OPC UA Server系统的设计与实现[D].西安:西安电子科技大学,2017.
[3]周楝淞,卿昱,谭平嶂.一种改进的基于标识的认证系统的实现[J].信息安全与通信保密,2009(2):61-63.
[4]IEC62541-1:OPC unified architecture specification-Part17:security[Z].2008.
[5]曹望,尤志强.基于数字证书的通用权限管理的设计与实现[J].计算机系统应用,2010,19(9):128-133.
[6]杨桓.基USB KEY的身份认证技术的相关研究[J].软件导刊,2011,10(3):154-156.
[7]刘敏,徐进.一种新的基于PKI的双向身份认证系统的设计[J].信息化研究,2009,35(4):39-40.
[8]白洋.OPC UA服务器安全与配置功能模块研究及开发[D].北京:华电电力大学,2011.
[2]加舒娟.基于全国产化PLC的OPC UA Server系统的设计与实现[D].西安:西安电子科技大学,2017.
[3]周楝淞,卿昱,谭平嶂.一种改进的基于标识的认证系统的实现[J].信息安全与通信保密,2009(2):61-63.
[4]IEC62541-1:OPC unified architecture specification-Part17:security[Z].2008.
[5]曹望,尤志强.基于数字证书的通用权限管理的设计与实现[J].计算机系统应用,2010,19(9):128-133.
[6]杨桓.基USB KEY的身份认证技术的相关研究[J].软件导刊,2011,10(3):154-156.
[7]刘敏,徐进.一种新的基于PKI的双向身份认证系统的设计[J].信息化研究,2009,35(4):39-40.
[8]白洋.OPC UA服务器安全与配置功能模块研究及开发[D].北京:华电电力大学,2011.